CovidLock is a new Android malware threat that prays on people’s panic surrounding the current COVID-19 (Coronavirus) worldwide pandemic. CovidLock is a screen-locker Ransomware virus that targets Android devices, locking their screens and demanding a ransom in exchange for unlocking them.
With the recent worldwide spread of the new coronavirus (COVID-19) and the declared pandemic, the whole world is in panic, whilst trying to mitigate the consequences of this health hazard. However, there are always those who seek to profit from other people’s fear and panic and the case with the newly-reported “CovidLock” virus is no different. This is a recently developed Ransomware that attacks Android smartphones and tablets. Below, we will tell you about how this virus spreads, how it works, and what the methods to fight it are.
The CovidLock Ransomware spreads under the disguise of a tracker app for the Coronavirus. Praying on the panic instilled in the worldwide population, the hackers behind this Ransomware have found a way to capitalize on that by disguising their virus as an Android app that can supposedly track the spread of the virus and even notify the user if there are infected people nearby (less gullible users would immediately recognize the ridiculousness of this last statement about this fake tracker).
Once the user downloads and installs the Coronavirus Tracker, the fake app asks for a number of permissions from the user. Firstly, it asks the user to allow battery optimization for the app. This is to prevent the phone from automatically stopping the Ransomware’s processes if the battery gets too low. The next thing required by the Ransomware in disguise is access to the Accessibility feature, which would further ensure that the virus stays active at all times, keeping the device locked. Lastly, the Ransomware tells the user it needs to be granted Administrator privileges. More experienced users would immediately recognize that there’s something shady about an app that requires Admin privileges, but this is where the Coronavirus Tracker (CovidLock) tells the user that it needs these privileges in order to show notifications whenever a person infected with the real-life COVID-19 virus is nearby. This statement is obviously made by the Ransomware in order to convince the user to provide the needed permissions, but less naive users should immediately realize that this is nothing but a shameless scam and delete the malware app right away.
As soon as the user taps on the Scan Area For Coronavirus option after giving the malware app Admin rights, the device’s screen gets blocked by a scary message, where the creators of the malware claim that the victim must pay 250$ in BitCoin to them or else all of the photos and videos kept on the infected smartphone would get sent to the user’s contacts. Before we get any further, we need to mention that if you are a victim of this Ransomware and currently have this scary message on the screen of your phone, you should know that none of the threats stated in there are true. The hacker doesn’t have access to your phone and they cannot do anything to your files. The only real problem here is the fact that you won’t be able to use your phone until you acquire the access key that can unlock the device. However, to get that key, there’s no need to pay the required ransom – in the next paragraph, we will tell you exactly how you can deal with this malicious app on your own.
Unlocking your phone and removing CovidLock
Security researchers have examined the CovidLock virus’ code and have determined that it is actually a rather simply screen-locking Ransomware that doesn’t use encryption and the code to unlock it is always the same – 4865083501. If you have had the CovidLock virus attack your device, use this code to unlock it. Now your phone will be usable again but do not forget that the malware app is still in the device. To remove it, go to Settings > Apps (the list of installed apps) and find the Coronavirus Tracker application. Tap on the app and then select the Uninstall option. If you aren’t allowed to do that because the app has Admin rights, you may need to first open the Coronavirus Tracker again and revoke its Admin privileges, then go back to Settings > Apps and complete the uninstallation.